CREATE USER username WITH PASSWORD 'password';
CREATE DATABASE dbname WITH OWNER username;
-- Create a group role that doesn't have ability to login by itself and
-- grant it SELECT privileged on the server inventory table.
CREATE ROLE developer;
GRANT SELECT ON server_inventory TO developer;
-- Create two user accounts which will inherit "developer" permissions upon
-- logging into the database.
CREATE ROLE alice LOGIN INHERIT;
CREATE ROLE bob LOGIN INHERIT;
-- Assign both user account to the "developer" group role.
GRANT developer TO alice, bob;
(lifted straight from here)
https://goteleport.com/blog/securing-postgres-postgresql/
In postgreSQL 15 access to the public schema has been revoked.
GRANT ALL ON SCHEMA public to $USER;
https://www.crunchydata.com/blog/be-ready-public-schema-changes-in-postgres-15